Disassembly guide

From The 07K Wiki

Getting started

The engine control unit (ECU) contains a set of instructions that we call a program. This program dictates how the ECU processes information (inputs, outputs, maps, etc.). It is possible to edit the program to add, remove, or change features, although it is not always an easy process.

Since the source code is proprietary to Bosch, we have to disassemble the compiled code in order to alter it. For this, we can use a disassembly tool that converts the compiled file into assembly code.

Among those tools, you could use:

Disassembling the ME17.5

This guide covers IDA, but the configuration should be very similar in Ghidra.

Launch IDA, click on "New" and select your file (the flash memory image read from the micro-controller).

Ida quick start.png

Set "Processor type" to "Infineon TRICORE [TRICORE]"

Ida load 1.png

Check "Create ROM section" and use 0x80000000 for both "ROM start address" and "Loading address". This information comes from the MEMORY_SEGMENT entries in the definition file (.a2l).

Ida memory organization.png

Select the device name (processor) of your ECU according to your revision:

ME17.5: tc1766

ME17.5.6: tc1767

Ida device name.png

At this point the project is created but no instructions are defined yet. To define them, select the whole PFLASH section (the only section that interests us).

To convert the selection to instructions, click on this icon or press C.

Ida code.png

A window prompts you; click "Force".

Ida window.png

Congratulations! Your project is now ready. You can use the a2lextract tool to get the addresses of some RAM variables (be aware of a possible offset). Refer to the MED17.5 Funktionsrahmen and the TriCore instruction set.
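To show where the ROM start address used above comes from, and what an a2lextract-style lookup of RAM variable addresses does, here is an added Python example (not part of this wiki page nor of the a2lextract tool) that reads MEMORY_SEGMENT and MEASUREMENT/ECU_ADDRESS entries from a constructed .a2l fragment. The segment names, addresses, sizes and the nmot_w measurement are invented for illustration; the optional offset parameter models the "possible offset" caveat.

```python
import re

# Constructed sample: a minimal ASAP2 (.a2l) fragment of the kind the guide reads
# MEMORY_SEGMENT and ECU_ADDRESS data from. Names and values are illustrative only.
SAMPLE_A2L = """
/begin MOD_PAR "ME17.5 demo"
  /begin MEMORY_SEGMENT PFLASH "program flash" CODE FLASH INTERN
    0x80000000 0x00180000 -1 -1 -1 -1 -1
  /end MEMORY_SEGMENT
  /begin MEMORY_SEGMENT DSPR "data RAM" VARIABLES RAM INTERN
    0xD0000000 0x00010000 -1 -1 -1 -1 -1
  /end MEMORY_SEGMENT
/end MOD_PAR
/begin MEASUREMENT nmot_w "engine speed" UWORD conv_rpm 0 0 0 8000
  ECU_ADDRESS 0xD0001234
/end MEASUREMENT
"""

_SEG_RE = re.compile(r"/begin\s+MEMORY_SEGMENT\s+(.*?)/end\s+MEMORY_SEGMENT", re.S)
_MEAS_RE = re.compile(r"/begin\s+MEASUREMENT\s+(\S+)(.*?)/end\s+MEASUREMENT", re.S)


def parse_memory_segments(text):
    """Return one dict (name, prg_type, mem_type, address, size) per MEMORY_SEGMENT."""
    segments = []
    for body in _SEG_RE.findall(text):
        body = re.sub(r'"[^"]*"', "", body)  # drop the quoted long identifier
        # ASAP2 token order: Name PrgType MemoryType Attribute Address Size Offset*5 ...
        # Anything after the six tokens we need (offsets, IF_DATA blocks) is ignored.
        name, prg_type, mem_type, _attr, address, size = body.split()[:6]
        segments.append({"name": name, "prg_type": prg_type, "mem_type": mem_type,
                         "address": int(address, 0), "size": int(size, 0)})
    return segments


def ida_rom_settings(segments):
    """Derive IDA's "ROM start address", "Loading address" and ROM size from the CODE/FLASH segment."""
    code = [s for s in segments if s["prg_type"] == "CODE" and s["mem_type"] == "FLASH"]
    if len(code) != 1:
        raise ValueError(f"expected one CODE/FLASH segment, found {len(code)}")
    return {"rom_start": code[0]["address"], "loading_address": code[0]["address"],
            "rom_size": code[0]["size"]}


def measurement_addresses(text, offset=0):
    """Map MEASUREMENT name -> ECU_ADDRESS, applying an optional RAM offset (the guide's caveat)."""
    result = {}
    for name, body in _MEAS_RE.findall(text):
        m = re.search(r"ECU_ADDRESS\s+(0x[0-9A-Fa-f]+|\d+)", body)
        if m:
            result[name] = int(m.group(1), 0) + offset
    return result
```

Run it against a real .a2l to confirm the ROM start address before creating the ROM section, and compare the ECU_ADDRESS values against what you see in the disassembly to detect any offset.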